DETAILED ACTION

1. This action is in response to communication: amendment filed on 02/13/2008.

2. Claims 18, 19, 21, 22, 24-27, 29, 30, 34, 38-41, and 43-46 are currently pending
in this application. Claims 45 and 46 are new.

3. No new IDS has been received on this application. 

Response to Arguments 
Applicant's arguments filed 02/13/2008 have been fully considered but they are 
not persuasive. 

Although the claims have been amended, the Simon reference still teaches all 
the limitations of the claims. New areas of the Simon reference will be used to reject 
the amended claims. 

The applicants argue that Simon does not teach the edge routers distributing 
security association information to each other in Simon. However, this is taught 
throughout Simon, such as in paragraph 70, where information is transmitted between
edge routers. This is also discussed in paragraphs 72 and 73. The appellants also 
argue that this updating of security information does not happen during an active link 
layer connection. However, this would have been obvious, as paragraph 70 recites "this 
enables seamless roaming of the end node between edge routers, while enabling ESP 
and AU implementations to continue to function without interruption... this embodiment 
is also believed to be particularly advantageous in environments containing large 
numbers of active end nodes and/or edge routers." 

Claim Objections

4. The previous claim objections have been withdrawn in response to applicant's 
amendment. 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent
granted on an application for patent by another filed in the United States before the invention by the
applicant for patent, except that an international application filed under the treaty defined in section
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

6. Claims 18, 19, 25-27, 38, 39, and 45-46 are rejected under 35 U.S.C. 102(e) as 
being clearly anticipated by Simon et al. US Patent Application Publication 
2003/0093691 (hereinafter Simon). 

As per claim 18, Simon teaches a method of providing redundancy in a security
processing system comprising: establishing a first secure packet flow through a first
security processor (paragraphs 50, 51, 59); updating security association information
associated with the first secure packet flow (paragraphs 59, 79, 80); establishing a
second secure packet flow through a second security processor (50, 51, 59, Figure 1,
as these processes take place on multiple edge routers); updating security association
information associated with the second secure packet flow (paragraphs 50, 51, 59, and
Figure 1, as these processes take place on multiple edge routers); sending the updated
security association information associated with the first secure packet flow from the
first security processor to the second security processor at a first predefined interval
(paragraphs 60, 64, 66, 70, 74, and 82, wherein paragraphs 70 and 82 teach that
information may be distributed directly between edge routers, as it is advantageous to
combine the functions of a cryptographic node with an edge router; also discussed in
detail in paragraphs 72-73); sending the updated security association information
associated with the second secure packet flow from the second security processor to the
first security processor at a second predefined interval (paragraphs 60, 65, 66, 70, 74,
and 82, wherein paragraphs 70 and 82 teach that information may be distributed
directly between edge routers; also, Figure 1, wherein it shows multiple edge routers,
and wherein the paragraphs teach that the edge routers send each other the updated
SA information; also discussed in detail in paragraphs 72 and 73); storing the updated
security information associated with the first secure packet flow and the updated
security association information associated with the second secure packet flow in the
first security processor and in the second security processor.

As per claim 19, Simon teaches wherein the rerouting step is in response to a 
failure of packet flow through the first security processor (abstract, paragraph 79, 
paragraph 95). 

As per claim 25, Simon teaches generating at least one configuration 
packet including the security association information, wherein the sending step 
comprises sending the at least one configuration packet (paragraphs 54-55). 

As per claim 26, Simon teaches sending, by a host processor, configuration
information to the first security processor and the second security processor 
(paragraphs 32-37, 55, 56, 57). 

As per claim 27, Simon teaches sending, by a host processor, security 
association configuration information to the first security processor and the second 
security processor (paragraphs 32-35, 37, 55, 56, 57). 

Claim 38 is rejected using the same basis of arguments used to reject claim 18
above.

As per claim 39, Simon teaches at least one host processor connected to the at 
least one switch for terminating or initiating the first packet flow and the second packet 
flow (paragraph 43, Figure 3). 

As per claim 45, Simon teaches rerouting the secure packet flow to flow through
the second security processor instead of the first (paragraph 70, abstract, and
paragraph 95).

As per claim 46, Simon teaches at least one host processor for establishing a 
first packet flow to a first security processor and a second packet flow to a second 
security processor (throughout the reference, and for example, paragraphs 70-73).

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made.

8. Claims 21, 22, 24, 29-30, and 34 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Simon as applied above, and in view of Xiong et al. US Patent
Application Publication 2003/0061507 (hereinafter Xiong).

As per claim 21, Simon does not explicitly teach wherein the security association
information comprises at least one sequence number. However, this is taught by Xiong,
such as in paragraph 23.

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include a sequence number with a security association. One of ordinary skill 
in the art would have been motivated to perform such an addition, as sequence 
numbers are commonly associated with security associations. This is taught in 
paragraph 23 of Xiong. Also, by incorporating sequence numbers, the transmissions
are more secure, as they prevent replay attacks (also found in paragraph 23). 

As per claim 22, Xiong teaches wherein the security association information 
comprises at least one byte count (paragraph 23). 

As per claim 24, Xiong teaches wherein the sending step further comprises 
repeatedly sending the security association information at intervals according to at least 
one sequence number (paragraph 23; also Simon paragraphs 57, 60, and 66; sending
updates to the security association is taught throughout Simon, and it would have been
obvious to combine this with the teachings of Xiong to show that it may be sent in
accordance with sequence numbers).

As per claim 29, Simon teaches defining an interval at which to update the
security association information in paragraphs 79-80. Xiong teaches defining a quantity 
to adjust a sequence number in paragraph 23. Xiong also teaches determining whether 
to send the security association information according to a comparison of a sequence 
number with the interval in paragraph 23. Although it does not teach a second 
processor, Simon teaches incorporating sending security associations to second 
security processors. 

As per claim 34, Xiong teaches sending replay window information to the second 
security processor (paragraph 23, in combination with the Simon reference 
incorporating the second security processor). 

9. Claims 40, 41, 43, and 44 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Simon as applied above, and in view of Rosenow et al. US Patent 
No. 5,022,076 (hereinafter Rosenow). 

As per claim 40, Simon teaches changing the routing of packet flow by either 
routing the first packet flow to the second security processor instead of the first security 
processor or routing the second packet flow to the first security processor instead of the 
second security processor (paragraphs 72, 73, 75, 76, and 77). However, Simon does 
not explicitly teach wherein the one host processor changes the routing of the packet 
flow. However, routing processes from one processor to another processor is well 
known in the art, as taught by Rosenow. Rosenow teaches throughout the reference 
the routing of processes from one processor to another processor, such as in the
abstract and in col. 23 line 59 to col. 24 line 11.

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the Rosenow reference with the Simon reference. One of ordinary 
skill in the art would have been motivated to perform such an addition to provide more 
reliability by creating a fault tolerant system. This is taught throughout Rosenow, such 
as in the abstract and col. 4 lines 15-61. 

As per claim 41, Rosenow teaches wherein the change in the routing is in
response to a failure of the first packet flow through the first security processor or the 
second flow through the second security processor (abstract; col. 23 line 59 to col. 24 
line 11). Also, this is taught in Simon's abstract, paragraph 79, and paragraph 95. 

Claim 43 is rejected using the same basis of arguments used to reject claim 40
above.

Claim 44 is rejected using the same basis of arguments used to reject claim 40
above (it routes to whatever processor is working).

Conclusion 

10. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

11. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to JASON K. GEE whose telephone number is (571) 272-6431.
The examiner can normally be reached on M-F, 7:00 am to 4:30 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Kambiz Zand, can be reached on (571) 272-3811. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Jason Gee 
Patent Examiner 
Technology Center 2100 
04/14/2008 

/Kambiz Zand/
Supervisory Patent Examiner, Art Unit 2134
